Differences

This shows you the differences between two versions of the page.

--- computers:truenas:gateway [03-Nov-2021 11:40] – [Configuring a Simple Firewall] Steve Joynt
+++ computers:truenas:gateway [02-Feb-2025 16:14] (current) – external edit 127.0.0.1
@@ Line 70: / Line 70: @@
 <code>
-jexec "ioc-${JAIL_NAME:?}" \
+jexec "ioc-${JAIL_NAME:?}" mkdir -p "${NAT_CONF%/*}"
-  mkdir -p "${NAT_CONF%/*}"
-jexec "ioc-${JAIL_NAME:?}" /bin/sh -c \
+jexec "ioc-${JAIL_NAME:?}" /bin/sh -c "cat >| ${NAT_CONF:?}" <<END
-"cat >| ${NAT_CONF:?}" \
-<<END
 use_sockets yes
@@ Line 90: / Line 87: @@
 </code>
-====== Configuring a Simple Firewall ======
+====== Configure a Simple Firewall ======
+> IMPORTANT!
+> This firewall does not filter any traffic. It allows anything to talk to anything.
+> At this stage I just want to trigger NAT as appropriate to allow hosts on different networks to communicate.
+> The "real" firewall is provided by my Internet router (which blocks all incoming requests), not this configuration.
+> If your TrueNAS box connects directly to the Internet, DO NOT USE THIS EXAMPLE !!!
 <code>
@@ Line 106: / Line 109: @@
 <code>
+# enable IP forwarding
+jexec "ioc-${JAIL_NAME:?}" sysrc gateway_enable="YES"
+# enable the firewall service (aka ipfw)
+jexec "ioc-${JAIL_NAME:?}" sysrc firewall_enable="YES"
 # enable the NAT service
@@ Line 114: / Line 123: @@
 </code>
+====== Firewall and Debugging Logs ======
+If you've turned on any logging for the ipfw service or natd, the output can be seen on the TrueNAS server OUTSIDE THE JAIL in this file...
+<code>/var/log/security</code>
 ====== Credits ======
@@ Line 123: / Line 137: @@
   * [[https://www.freebsd.org/cgi/man.cgi?natd]]
   * [[https://www.adminbyaccident.com/freebsd/how-to-freebsd/how-to-configure-the-ipfw-firewall-on-freebsd/]]
+  * [[https://www.asksaro.com/freebsd/setting-up-a-network-gateway-using-ipfw-and-natd/]]